Cyber Security Today, Feb. 21, 2024 – A patch warning from ConnectWise, the latest ransomware news, and more


A patch warning from ConnectWise, the latest ransomware news, and more.

Welcome to Cyber Security Today. It’s Wednesday, February 21st, 2024. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.


Business applications provider ConnectWise is urging IT administrators to take quick action to patch two critical vulnerabilities. They are in on-premise versions of ScreenConnect, which is used by help desks for remote computer control. The vulnerabilities could allow an attacker to execute remote code on systems, or directly impact confidential data or critical systems. The holes affect ScreenConnect versions 23.9.7 and earlier.

As cybersecurity pros around the world celebrated the takedown this week of the LockBit ransomware gang’s infrastructure, there was also some sobering news: Ransomware attacks continue. German infrastructure management provider PSI Software SE said it was hit by ransomware last week. IT systems including email were taken offline. The company says no PSI customer installations have been compromised. And a Pennsylvania county said it paid an unnamed ransomware gang nearly US$350,000 in cryptocurrency to get access back to scrambled data.

Researchers at Arctic Wolf looked at data from responding to customers last year and figured your firm is much more likely to be hit by a business email compromise attack — where an employee is tricked into sending money to a threat actor — than ransomware. On the other hand, firms hit by ransomware are 15 times more likely to have to undergo an incident response investigation than those victimized by business email compromise scams.

The report also confirms — again — that two strategies can lower the risk of a successful cyber attack: enforcing robust identity controls through identity and access management, and setting priorities for patching the most vulnerable systems.

Here’s more from the report: Want to get or retain cyber insurance? Insurers are looking for three things: Do you monitor your cloud assets for security, do you have logging and network monitoring, and do you have a privileged access management process.

Colorado’s Department of Health Care Planning has updated the number of employees who are victims of the hack of the department’s MOVEit file transfer server. The number originally was just over 4 million current and former staff. Now it’s 4.6 million people. Data on an estimated 94 million people from over 2,700 organizations with MOVEit on-prem or cloud services have been stolen since the end of May last year.

Threat actors are increasingly using a phishing kit called Greatness in attempts to trick Microsoft 365 users into clicking on malicious attachments. The goal, say researchers at Trustwave, is to steal login credentials. Microsoft 365 is a popular cloud business productivity suite so it’s regularly targeted by attackers. The Greatness platform allows a threat actor to insert an attachment into phishing messages that captures usernames and passwords. If the user’s system requires multifactor authentication, the Greatness platform can prompt the victim to enter the codes sent to their smartphones or emails. This particular kit is a phishing-as-a-service offering, so almost any crook can sign up. The cost: US$120 a month in Bitcoin.

Speaking of phishing, the most likely email scams that employees will fall for have a theme of an unpaid invoice or payment coming. That’s according to researchers at Abnormal Security. They looked at customer data of employees fooled by phishing lures into entering their login credentials. Just over 18 per cent of emails had themes that money was owed or is coming. Other scams that worked encourage document sharing, such as ‘Please review these documents’; emails saying there’s an unread or new message; emails saying action is quickly needed; and messages claiming an email or some sort of account has expired. As part of employee security awareness training your staff should be reminded of these tricks.

Attention IT administrators using the Redis in-memory data structure store as a database, streaming engine or message broker: There’s a new attack you need to be aware of. Researchers at Cado Security have discovered new malware that will install cryptomining software on Redis servers. The report doesn’t say exactly how a system is initially compromised, but the result is a disabling of Redis safety configurations so the attacker can send commands to the server. One way administrators can defend against this kind of attack is to regularly watch their Redis server configurations for signs of change.
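
One way to do the configuration watching described above, as an added example that is not part of the original report or of Cado Security's research: it parses two saved dumps of `redis-cli CONFIG GET '*'` and reports which settings changed. The watch list and both sample dumps are assumptions constructed for illustration.

```python
# Added example: detect drift between two Redis configuration snapshots.
# Input is the raw (non-interactive) output of `redis-cli CONFIG GET '*'`:
# each parameter name on one line, its value on the next (possibly empty).

# Settings treated as high severity. This list is an assumption, not from the page.
WATCHED = {"protected-mode", "replica-read-only", "requirepass", "bind", "dir", "dbfilename"}
SECRET = {"requirepass", "masterauth"}  # never echo these values into alerts


def parse_config_get(raw):
    """Turn alternating name/value lines into a dict, keeping empty values."""
    lines = raw.split("\n")
    if len(lines) % 2:
        if lines[-1] != "":
            raise ValueError("odd number of lines: not a CONFIG GET dump")
        lines.pop()  # drop the artefact of the final newline
    return {lines[i]: lines[i + 1] for i in range(0, len(lines), 2)}


def _mask(value):
    """Replace a secret with a marker that still shows set/empty/absent."""
    if value is None:
        return None
    return "<set>" if value else "<empty>"


def config_drift(baseline, current, watched=WATCHED):
    """Return (severity, key, old, new) for every setting that differs."""
    findings = []
    for key in sorted(set(baseline) | set(current)):
        old, new = baseline.get(key), current.get(key)  # None means absent
        if old == new:
            continue
        if key in SECRET:
            old, new = _mask(old), _mask(new)
        findings.append(("HIGH" if key in watched else "info", key, old, new))
    return findings


# Constructed sample dumps (not captured from a real server).
BASELINE_DUMP = ("protected-mode\nyes\nreplica-read-only\nyes\nrequirepass\n\n"
                 "maxmemory\n0\ndir\n/var/lib/redis\n")
CURRENT_DUMP = ("protected-mode\nno\nreplica-read-only\nno\nrequirepass\n\n"
                "maxmemory\n1048576\ndir\n/var/lib/redis\n")

if __name__ == "__main__":
    drift = config_drift(parse_config_get(BASELINE_DUMP), parse_config_get(CURRENT_DUMP))
    for severity, key, old, new in drift:
        print(f"[{severity}] {key}: {old!r} -> {new!r}")
```

Store the baseline dump somewhere the Redis host cannot write to, so an intruder who changes the live configuration cannot also rewrite the reference copy.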

Finally, the European Commission says TikTok may not be doing enough to protect minors from harmful content. An investigation was announced on Monday into possible violations of the EU Digital Services Act. That includes whether TikTok’s algorithms result in an addictive design that affects physical or mental well-being or encourages radicalization. The Digital Services Act requires service providers to put in place measures that ensure a high level of privacy, safety and security for minors.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, Feb. 21, 2024 – A patch warning from ConnectWise, the latest ransomware news, and more first appeared on IT World Canada.
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.
